| Category | Started On | Completed On | Duration | Cuckoo Version |
|---|---|---|---|---|
| FILE | 2016-11-06 21:49:54.040402 | 2016-11-06 21:55:59.397191 | 365 seconds | 2.0-dev |

| Machine | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| windowsxp1 | windowsxp1 | VirtualBox | 2016-11-06 21:52:48 | 2016-11-06 21:55:59 |
| File name | ticket_432247.doc |
|---|---|
| File size | 162816 bytes |
| File type | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: , Author: Laura, Template: Normal.dot, Last Saved By: Windows, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Wed Oct 19 14:33:00 2016, Last Saved Time/Date: Wed Oct 19 14:34:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 2, Security: 0 |
| CRC32 | 28E780BB |
| MD5 | 543c0cf636bc0e56007e6211cd05ecf2 |
| SHA1 | 400cb9f479fd5ab09aa895245e16ba999ce5142e |
| SHA256 | 3ea894203c48d37b73ce9202dec7eedbf1c724b707f7de058e42c18c3e55bd49 |
| SHA512 | 909f4c09ee15da781a6405f806d5172d3a3e6f3e84d5e40df7b79885ffd76df989f44cae2587d3bb584af5e864280eebf70c0c2b9cc6edbe50dcfec7f316f330 |
| Ssdeep | 3072:TPzjPz+GMPyhgY0u7X6P2ab+PA5dIJ064tSk9qAERSEj7RdM+:TXzhgFPHasuJkQRLldM+ |
| PEiD | None matched |
| Yara | None matched |
| VirusTotal | Scan Date: 2016-11-03 16:50:00, Detection Rate: 36/55 |

| File name | a1272deb82ce95c1_ge443.exe |
|---|---|
| File size | 35840 bytes |
| File type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 752c1b9e35e075aabbe9d45ff3d78be3 |
| SHA1 | 919d017825bff458394e671e48fbd7a8bf64b7e9 |
| SHA256 | a1272deb82ce95c115ee87ffba80075bc72eea3d874cd91f8142adca0d20d3f8 |
| SHA512 | 916dc3c35b96981c5cd971f9f01d25ed4ee6becc1d6ad1b194f6c502c26a9e40c563925f5853edec20fed4b78b87b68ac9cbc7b2e190320304bb35dd44577beb |
| Ssdeep | 768:3ursWf2xCaipgxT+oQaWFCcHG2ggqQt4ls5i4H:ena4pqswWLgPQt40 |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| File name | b27b98df298e685e_~$cket_432247.doc |
|---|---|
| File size | 162 bytes |
| File type | data |
| MD5 | f7ae9c8c54bcb2cb8c1e3ba49eeb2b05 |
| SHA1 | bc2a4f523359d033d228e6832314973ba80cc83f |
| SHA256 | b27b98df298e685e1215345691123b3b5d81be0b55ca5c8840070ab0d42246f8 |
| SHA512 | 1e1a6fddfa3bf46ad45d64e43c6d2515e87faf4cac7fd51daa66fb2dc50ce7853b918f34b09ce108958ddd4f8e01cdbbed488d7f70ee4dfe21c977857772e5d5 |
| Ssdeep | 3:PtTtqlll/3l/1HXMDd1l//lCllflzNV:PtstK+7j |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| File name | 4826c0d860af884d_~wrs{62607051-bd4c-4c72-ae75-da471cbd93ee}.tmp |
|---|---|
| File size | 1024 bytes |
| File type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| SHA512 | 95f83ae84cafcced5eaf504546725c34d5f9710e5ca2d11761486970f2fbeccb25f9cf50bbfc272bd75e1a66a18b7783f09e1c1454afda519624bc2bb2f28ba4 |
| Ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| File name | 7d3ce07f89e0f4b8_msforms.exd |
|---|---|
| File size | 147284 bytes |
| File type | data |
| MD5 | 1e9b521ceb60e158a14ae229e5e04109 |
| SHA1 | 34bad0759d2231e6821ccb7822c1dd01d4fed97d |
| SHA256 | 7d3ce07f89e0f4b8ba285669d42e4b0bc9d987f833419186e88b6c10717e37c0 |
| SHA512 | 9efc12c3ac156fa51a5a3b0a4e0d43f2944b16582bfc769e72f2b1f256250177072d01a1298a7348b19fa470f7bc8815b22300c44491e7c6042b1d2e058b371a |
| Ssdeep | 1536:CkpL3FNSc8SetKB96vQVCBumVMOej6mXmYarrJQcd1FaLcmB:CeJNSc83tKBAvQVCgOtmXmLpLmB |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| Timestamp | Thread | Function | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|---|
| 2016-11-06 21:47:19.965813 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Microsoft Office\Office12\wwlib.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\wwlib.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:19.985813 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Microsoft Office\Office12\wwlib.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\wwlib.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:20.045813 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Microsoft Office\Office12\oart.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\oart.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:20.055813 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Microsoft Office\Office12\oart.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\oart.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:20.096813 | | NtOpenFile | file_handle => 0x00000038 filepath => C:\WINDOWS\system32\imm32.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\IMM32.DLL open_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:20.106813 | | LdrLoadDll | basename => IMM32 module_address => 0x76390000 flags => 0 module_name => C:\WINDOWS\system32\IMM32.DLL | SUCCESS | | |
| 2016-11-06 21:47:20.126813 | | LdrLoadDll | basename => LPK module_address => 0x629c0000 flags => 0 module_name => LPK.DLL | SUCCESS | | |
| 2016-11-06 21:47:20.156813 | | NtOpenFile | file_handle => 0x00000048 filepath => \Device\KsecDD desired_access => 0x00100001 filepath_r => \Device\KsecDD open_options => 16 status_info => 0 share_access => 7 | SUCCESS | | |
| 2016-11-06 21:47:20.176813 | | LdrLoadDll | basename => wwlib module_address => 0x31240000 flags => 0 module_name => wwlib.dll | SUCCESS | | |
| 2016-11-06 21:47:20.186813 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\mso.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:20.196813 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\mso.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:20.246813 | | NtOpenFile | file_handle => 0x00000064 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:20.256813 | | NtOpenFile | file_handle => 0x00000064 filepath => C:\Program Files\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:20.266813 | | LdrLoadDll | basename => mso module_address => 0x32600000 flags => 0 module_name => C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll | SUCCESS | | |
| 2016-11-06 21:47:20.266813 | | LdrLoadDll | basename => MSO module_address => 0x32600000 flags => 0 module_name => MSO.dll | SUCCESS | | |
| 2016-11-06 21:47:20.276813 | | LdrLoadDll | basename => mso module_address => 0x32600000 flags => 0 module_name => mso.dll | SUCCESS | | |
| 2016-11-06 21:47:20.296813 | | NtOpenFile | file_handle => 0x00000078 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Cultures\OFFICE.ODF desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\Cultures\office.odf open_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:20.316813 | | NtCreateFile | create_disposition => 1 file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Cultures\OFFICE.ODF desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\Cultures\office.odf create_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:20.346813 | | LdrLoadDll | basename => Kernel32 module_address => 0x7c800000 flags => 0 module_name => Kernel32.DLL | SUCCESS | | |
| 2016-11-06 21:47:20.356813 | | LdrLoadDll | basename => wwintl module_address => 0x33d00000 flags => 2 module_name => C:\Program Files\Microsoft Office\Office12\1033\wwintl.dll | SUCCESS | | |
| 2016-11-06 21:47:20.366813 | | LdrLoadDll | basename => ADVAPI32 module_address => 0x77dd0000 flags => 0 module_name => C:\WINDOWS\system32\ADVAPI32.DLL | SUCCESS | | |
| 2016-11-06 21:47:20.566813 | | LdrLoadDll | basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll | SUCCESS | | |
| 2016-11-06 21:47:20.566813 | | LdrLoadDll | basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => uxtheme.dll | SUCCESS | | |
| 2016-11-06 21:47:20.686813 | | LdrLoadDll | basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll | SUCCESS | | |
| 2016-11-06 21:47:20.736813 | | LdrLoadDll | basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll | SUCCESS | | |
| 2016-11-06 21:47:20.766813 | | LdrLoadDll | basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll | SUCCESS | | |
| 2016-11-06 21:47:20.807813 | | LdrLoadDll | basename => KERNEL32 module_address => 0x7c800000 flags => 0 module_name => C:\WINDOWS\system32\KERNEL32.DLL | SUCCESS | | |
| 2016-11-06 21:47:20.967813 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:21.007813 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL.2.Config open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:21.027813 | | LdrLoadDll | basename => MSPTLS module_address => 0x6bdc0000 flags => 0 module_name => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL | SUCCESS | | |
| 2016-11-06 21:47:21.117813 | | NtOpenFile | file_handle => 0x000000c0 filepath => C:\WINDOWS\system32\shell32.dll desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\SHELL32.DLL open_options => 96 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:21.147813 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\WINDOWS\system32\SHELL32.DLL.124.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\SHELL32.DLL.124.Manifest open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:21.157813 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\WINDOWS\system32\SHELL32.DLL.124.Config desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\SHELL32.DLL.124.Config open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:21.267813 | | LdrLoadDll | basename => comctl32 module_address => 0x773d0000 flags => 0 module_name => comctl32.dll | SUCCESS | | |
| 2016-11-06 21:47:21.287813 | | LdrLoadDll | basename => comctl32 module_address => 0x5d090000 flags => 0 module_name => comctl32.dll | SUCCESS | | |
| 2016-11-06 21:47:21.297813 | | LdrLoadDll | basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => SHELL32.DLL | SUCCESS | | |
| 2016-11-06 21:47:21.347813 | | LdrLoadDll | basename => Comctl32 module_address => 0x773d0000 flags => 0 module_name => Comctl32.dll | SUCCESS | | |
| 2016-11-06 21:47:21.357813 | | LdrLoadDll | basename => rpcrt4 module_address => 0x77e70000 flags => 0 module_name => rpcrt4.dll | SUCCESS | | |
| 2016-11-06 21:47:21.377813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000114 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:21.377813 | | NtWriteFile | buffer => H ¸¸ xW44Í«ï #Eg« ]ëÉè +H` file_handle => 0x00000114 offset => 0 | SUCCESS | | |
| 2016-11-06 21:47:21.457813 | | LdrLoadDll | basename => MSCTF module_address => 0x74720000 flags => 0 module_name => C:\WINDOWS\system32\MSCTF.dll | SUCCESS | | |
| 2016-11-06 21:47:21.467813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000118 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:21.478813 | | NtWriteFile | buffer => H ¸¸ xW44Í«ï #Eg« ]ëÉè +H` file_handle => 0x00000118 offset => 0 | SUCCESS | | |
| 2016-11-06 21:47:21.508813 | | LdrLoadDll | basename => version module_address => 0x77c00000 flags => 0 module_name => version.dll | SUCCESS | | |
| 2016-11-06 21:47:21.528813 | | NtOpenFile | file_handle => 0x00000110 filepath => C:\WINDOWS\system32\MSCTFIME.IME desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\msctfime.ime open_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:21.538813 | | NtCreateFile | create_disposition => 1 file_handle => 0x0000011c filepath => C:\WINDOWS\system32\MSCTFIME.IME desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\msctfime.ime create_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:21.558813 | | NtOpenFile | file_handle => 0x00000110 filepath => C:\WINDOWS\system32\MSCTFIME.IME desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\msctfime.ime open_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:21.568813 | | NtCreateFile | create_disposition => 1 file_handle => 0x0000011c filepath => C:\WINDOWS\system32\MSCTFIME.IME desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\msctfime.ime create_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:21.588813 | | LdrLoadDll | basename => ole32 module_address => 0x774e0000 flags => 0 module_name => C:\WINDOWS\system32\ole32.dll | SUCCESS | | |
| 2016-11-06 21:47:21.618813 | | LdrLoadDll | basename => msctfime.ime module_address => 0x755c0000 flags => 0 module_name => C:\WINDOWS\system32\msctfime.ime | SUCCESS | | |
| 2016-11-06 21:47:21.638813 | | LdrLoadDll | basename => msctfime.ime module_address => 0x755c0000 flags => 0 module_name => C:\WINDOWS\system32\msctfime.ime | SUCCESS | | |
| 2016-11-06 21:47:21.668813 | | LdrLoadDll | basename => MSORES module_address => 0x00fe0000 flags => 2 module_name => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSORES.DLL | SUCCESS | | |
| 2016-11-06 21:47:21.678813 | | LdrLoadDll | basename => MSOINTL module_address => 0x01740000 flags => 2 module_name => C:\Program Files\Common Files\Microsoft Shared\office12\1033\MSOINTL.DLL | SUCCESS | | |
| 2016-11-06 21:47:21.688813 | | LdrLoadDll | basename => Comctl32 module_address => 0x773d0000 flags => 0 module_name => Comctl32.dll | SUCCESS | | |
| 2016-11-06 21:47:21.698813 | | LdrLoadDll | basename => mscoree module_address => 0x00000000 flags => 0 module_name => C:\WINDOWS\system32\mscoree.dll | FAILURE | | |
| 2016-11-06 21:47:21.708813 | | LdrLoadDll | basename => VERSION module_address => 0x77c00000 flags => 0 module_name => VERSION.DLL | SUCCESS | | |
| 2016-11-06 21:47:21.718813 | | NtOpenFile | file_handle => 0x00000130 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll open_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:21.728813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000134 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll create_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:21.748813 | | NtOpenFile | file_handle => 0x00000130 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll open_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:21.758813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000134 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll create_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:21.768813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000130 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Word12.pip desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Word12.pip create_options => 4194404 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:21.788813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000134 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\OPA12.BAK desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\OPA12.BAK create_options => 2097252 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:21.808813 | | NtCreateFile | create_disposition => 2 file_handle => 0x00000000 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat desired_access => 0x40110080 file_attributes => 32 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\opa12.dat create_options => 100 status_info => 4294967295 share_access => 0 | FAILURE | | |
| 2016-11-06 21:47:21.818813 | | NtOpenFile | file_handle => 0x00000134 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat desired_access => 0x00100100 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\opa12.dat open_options => 2113568 status_info => 1 share_access => 7 | SUCCESS | | |
| 2016-11-06 21:47:21.838813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000134 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\opa12.dat create_options => 4196448 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:21.848813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000134 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\opa12.dat create_options => 4196448 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:22.008813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000134 filepath => C:\Program Files\Microsoft Office\Office12\ID_00030.DPC desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\ID_00030.DPC create_options => 96 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:22.199813 | | OleInitialize | | SUCCESS | | |
| 2016-11-06 21:47:22.219813 | | LdrLoadDll | basename => MSO module_address => 0x32600000 flags => 0 module_name => MSO.dll | SUCCESS | | |
| 2016-11-06 21:47:22.269813 | | LdrLoadDll | basename => Winspool.DRV module_address => 0x73000000 flags => 0 module_name => Winspool.DRV | SUCCESS | | |
| 2016-11-06 21:47:22.299813 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\WINDOWS\system32\spool\drivers\w32x86\3\msonpui.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\msonpui.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:22.309813 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\WINDOWS\system32\spool\drivers\w32x86\3\msonpui.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\msonpui.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:22.339813 | | LdrLoadDll | basename => msonpui module_address => 0x01640000 flags => 0 module_name => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\msonpui.dll | SUCCESS | | |
| 2016-11-06 21:47:22.379813 | | CoInitializeEx | options => 2 | FAILURE | | |
| 2016-11-06 21:47:22.389813 | | NtOpenFile | file_handle => 0x0000015c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:22.399813 | | NtOpenFile | file_handle => 0x0000015c filepath => C:\Program Files\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:22.449813 | | NtOpenFile | file_handle => 0x00000160 filepath => C:\Program Files\Microsoft Office\Office12\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:22.449813 | | NtOpenFile | file_handle => 0x00000160 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:22.539813 | | LdrLoadDll | basename => UxTheme module_address => 0x5ad70000 flags => 0 module_name => UxTheme.DLL | SUCCESS | | |
| 2016-11-06 21:47:22.719813 | | NtOpenFile | file_handle => 0x00000168 filepath => C:\Program Files\Microsoft Office\Office12\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:22.769813 | | NtOpenFile | file_handle => 0x00000168 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:22.779813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000168 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:22.819813 | | NtCreateFile | create_disposition => 1 file_handle => 0x0000016c filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 96 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:22.819813 | | NtCreateFile | create_disposition => 1 file_handle => 0x0000016c filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:22.900813 | | NtCreateFile | create_disposition => 5 file_handle => 0x00000170 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dotm desired_access => 0x40100080 file_attributes => 2 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dotm create_options => 4194400 status_info => 2 share_access => 0 | SUCCESS | | |
| 2016-11-06 21:47:22.910813 | | NtWriteFile | buffer => PKSJ file_handle => 0x00000170 offset => 0 | SUCCESS | | |
| 2016-11-06 21:47:22.960813 | | NtWriteFile | buffer => P K S J I T S ,¬b2 ¬b2å¸2 Èå¸2 xæ¸2 0ç¸2 ðç¸2 °è¸2 file_handle => 0x00000170 offset => 0 | SUCCESS | | |
| 2016-11-06 21:47:23.010813 | | LdrLoadDll | basename => ole32 module_address => 0x774e0000 flags => 0 module_name => ole32.dll | SUCCESS | | |
| 2016-11-06 21:47:23.040813 | | CoInitializeEx | options => 6 | FAILURE | | |
| 2016-11-06 21:47:23.070813 | | LdrLoadDll | basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => C:\WINDOWS\system32\SHELL32.dll | SUCCESS | | |
| 2016-11-06 21:47:23.080813 | | LdrLoadDll | basename => SETUPAPI module_address => 0x77920000 flags => 0 module_name => SETUPAPI.dll | SUCCESS | | |
| 2016-11-06 21:47:23.090813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000190 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.100813 | | NtWriteFile | buffer => H ¸¸ xW44Í«ï #Eg« ]ëÉè +H` file_handle => 0x00000190 offset => 0 | SUCCESS | | |
| 2016-11-06 21:47:23.120813 | | NtCreateFile | create_disposition => 1 file_handle => 0x0000018c filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.150813 | | NtWriteFile | buffer => H ¸¸ xW44Í«ï #Eg« ]ëÉè +H` file_handle => 0x0000018c offset => 0 | SUCCESS | | |
| 2016-11-06 21:47:23.200813 | | NtOpenFile | file_handle => 0x00000194 filepath => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.210813 | | NtOpenFile | file_handle => 0x00000194 filepath => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 16 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.220813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.240813 | | NtOpenFile | file_handle => 0x00000194 filepath => \??\STORAGE#Volume#1&30a96598&0&SignatureC725C725Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\STORAGE#Volume#1&30a96598&0&SignatureC725C725Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.250813 | | NtOpenFile | file_handle => 0x00000194 filepath => \??\STORAGE#Volume#1&30a96598&0&SignatureC725C725Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\STORAGE#Volume#1&30a96598&0&SignatureC725C725Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 16 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.260813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.280813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.290813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.300813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.320813 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.330813 | | NtOpenFile | file_handle => 0x00000198 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.340813 | | LdrLoadDll | basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => SHELL32.dll | SUCCESS | | |
| 2016-11-06 21:47:23.350813 | | LdrLoadDll | basename => ole32 module_address => 0x774e0000 flags => 0 module_name => ole32.dll | SUCCESS | | |
| 2016-11-06 21:47:23.370813 | | NtOpenFile | file_handle => 0x000001a0 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.380813 | | NtOpenFile | file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:23.400813 | | CoUninitialize | | SUCCESS | | |
| 2016-11-06 21:47:23.410813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.460813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.470813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.490813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:23.510813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:23.520813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:23.530813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.540813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.561813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.571813 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-06 21:47:23.581813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.591813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.601813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.611813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:23.631813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:23.641813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:23.661813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:23.671813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:23.681813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:23.691813 | CoUninitialize | SUCCESS | ||||
| 2016-11-06 21:47:23.701813 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-06 21:47:23.711813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.731813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.751813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\All Users\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\All Users\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.771813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\All Users\Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\All Users\Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:23.781813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\All Users\Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\All Users\Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:23.791813 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\All Users\Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\All Users\Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:23.801813 | CoUninitialize | SUCCESS | ||||
| 2016-11-06 21:47:23.821813 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-06 21:47:23.831813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.841813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.851813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\All Users\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\All Users\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.851813 | CoUninitialize | SUCCESS | ||||
| 2016-11-06 21:47:23.861813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.871813 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 4294967295 share_access => 0 |
FAILURE | |||
| 2016-11-06 21:47:23.891813 | NtCreateFile |
create_disposition => 1 file_handle => 0x000001a4 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.901813 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 96 status_info => 4294967295 share_access => 0 |
FAILURE | |||
| 2016-11-06 21:47:23.911813 | NtCreateFile |
create_disposition => 1 file_handle => 0x000001a4 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.911813 | NtCreateFile |
create_disposition => 1 file_handle => 0x000001a4 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 96 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.931813 | LdrLoadDll |
basename => OLEAUT32 module_address => 0x77120000 flags => 0 module_name => OLEAUT32.dll |
SUCCESS | |||
| 2016-11-06 21:47:23.991813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.001813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.021813 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\riched20.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\riched20.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:24.041813 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\riched20.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\riched20.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:24.061813 | LdrLoadDll |
basename => riched20 module_address => 0x3a780000 flags => 0 module_name => C:\Program Files\Common Files\Microsoft Shared\office12\riched20.dll |
SUCCESS | |||
| 2016-11-06 21:47:24.071813 | LdrLoadDll |
basename => OLEAUT32 module_address => 0x77120000 flags => 0 module_name => OLEAUT32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:24.081813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.091813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.091813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.111813 | CoCreateInstanceEx |
class_context => 0 clsid => {00000000-0000-0000-0000-000000000000} iid => [] |
FAILURE | |||
| 2016-11-06 21:47:24.111813 | LdrLoadDll |
basename => oleaut32 module_address => 0x77120000 flags => 0 module_name => oleaut32.dll |
SUCCESS | |||
| 2016-11-06 21:47:24.121813 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => C:\WINDOWS\system32\kernel32.dll |
SUCCESS | |||
| 2016-11-06 21:47:24.131813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.141813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.151813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.161813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.181813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.201813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.221813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.262813 | CoInitializeSecurity | SUCCESS | ||||
| 2016-11-06 21:47:24.262813 | LdrLoadDll |
basename => OLE32 module_address => 0x774e0000 flags => 0 module_name => OLE32 |
SUCCESS | |||
| 2016-11-06 21:47:24.292813 | LdrLoadDll |
basename => OLE32 module_address => 0x774e0000 flags => 0 module_name => OLE32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:24.312813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.312813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.312813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.322813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.362813 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.412813 | NtCreateFile |
create_disposition => 5 file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{62607051-BD4C-4C72-AE75-DA471CBD93EE}.tmp desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{62607051-BD4C-4C72-AE75-DA471CBD93EE}.tmp create_options => 4194400 status_info => 2 share_access => 0 |
SUCCESS | |||
| 2016-11-06 21:47:24.412813 | NtWriteFile |
buffer =>
ý file_handle => 0x00000194 offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:24.622813 | CoCreateInstance |
class_context => 23 clsid => {88d969ef-f192-11d4-a65f-0040963251e5} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.872813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Office\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Office\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.283813 | LdrLoadDll |
basename => gdi32 module_address => 0x77f10000 flags => 0 module_name => gdi32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:25.303813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.313813 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.343813 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.383813 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.523813 | NtOpenFile |
file_handle => 0x00000074 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.533813 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.553813 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.563813 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.573813 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.583813 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.593813 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.613813 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000074 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ticket_432247.doc desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ticket_432247.doc create_options => 4194400 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.623813 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000074 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ticket_432247.doc desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ticket_432247.doc create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:25.633813 | NtCreateFile |
create_disposition => 2 file_handle => 0x00000284 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9C72.tmp desired_access => 0xc0110080 file_attributes => 256 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9C72.tmp create_options => 4192 status_info => 2 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:25.654813 | NtOpenFile |
file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x00100020 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.664813 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000290 filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.684813 | NtOpenFile |
file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x00100020 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.694813 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000290 filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.704813 | NtOpenFile |
file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.714813 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000290 filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.724813 | NtOpenFile |
file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.734813 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000290 filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.754813 | NtCreateFile |
create_disposition => 5 file_handle => 0x0000007c filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\~$cket_432247.doc desired_access => 0x40100080 file_attributes => 2 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~$cket_432247.doc create_options => 4194400 status_info => 2 share_access => 0 |
SUCCESS | |||
| 2016-11-06 21:47:25.754813 | NtWriteFile |
buffer => PKSJ file_handle => 0x0000007c offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:25.774813 | NtWriteFile |
buffer => P K S J I T S ,¬b2 ¬b2å¸2 Èå¸2 xæ¸2 0ç¸2 ðç¸2 °è¸2 file_handle => 0x0000007c offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:25.874813 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.884813 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.884813 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.894813 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.894813 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.904813 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.914813 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.924813 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.934813 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.944813 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.954813 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.004813 | NtOpenFile |
file_handle => 0x000000e0 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.014813 | NtOpenFile |
file_handle => 0x000000e0 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:26.024813 | NtOpenFile | file_handle => 0x000000e0 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:26.034813 | NtOpenFile | file_handle => 0x000000e0 filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:26.184813 | NtCreateFile | create_disposition => 5 file_handle => 0x00000298 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{9DF2A294-0FB9-46AF-88E0-57D20FEA5068}.tmp desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{9DF2A294-0FB9-46AF-88E0-57D20FEA5068}.tmp create_options => 4194400 status_info => 2 share_access => 0 | SUCCESS |
| 2016-11-06 21:47:26.395813 | NtOpenFile | file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\review.rcd desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\review.rcd open_options => 96 status_info => 4294967295 share_access => 7 | FAILURE |
| 2016-11-06 21:47:26.405813 | NtCreateFile | create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\review.rcd desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\review.rcd create_options => 4194404 status_info => 4294967295 share_access => 1 | FAILURE |
| 2016-11-06 21:47:26.455813 | NtOpenFile | file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\adhoc.rcd desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\adhoc.rcd open_options => 96 status_info => 4294967295 share_access => 7 | FAILURE |
| 2016-11-06 21:47:26.465813 | NtCreateFile | create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\adhoc.rcd desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\adhoc.rcd create_options => 4194404 status_info => 4294967295 share_access => 1 | FAILURE |
| 2016-11-06 21:47:26.755813 | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE |
| 2016-11-06 21:47:26.755813 | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL.2.Config open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE |
| 2016-11-06 21:47:26.775813 | LdrLoadDll | basename => OGL module_address => 0x3bd10000 flags => 0 module_name => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL | SUCCESS |
| 2016-11-06 21:47:26.835813 | LdrLoadDll | basename => WTSAPI32 module_address => 0x76f50000 flags => 0 module_name => WTSAPI32.DLL | SUCCESS |
| 2016-11-06 21:47:27.236813 | NtOpenFile | file_handle => 0x000002cc filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 | SUCCESS |
| 2016-11-06 21:47:27.266813 | LdrLoadDll | basename => Shlwapi module_address => 0x77f60000 flags => 0 module_name => Shlwapi.dll | SUCCESS |
| 2016-11-06 21:47:27.276813 | LdrLoadDll | basename => Shlwapi module_address => 0x77f60000 flags => 0 module_name => Shlwapi.DLL | SUCCESS |
| 2016-11-06 21:47:27.296813 | CoInitializeEx | options => 2 | SUCCESS |
| 2016-11-06 21:47:27.306813 | NtOpenFile | file_handle => 0x000002f8 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.316813 | NtOpenFile | file_handle => 0x000002f8 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.326813 | NtOpenFile | file_handle => 0x000002f8 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.336813 | NtOpenFile | file_handle => 0x000002f8 filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.346813 | NtOpenFile | file_handle => 0x000002f8 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temp\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.386813 | NtOpenFile | file_handle => 0x000002d8 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.396813 | NtOpenFile | file_handle => 0x000002d8 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.406813 | NtOpenFile | file_handle => 0x000002d8 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.416813 | NtOpenFile | file_handle => 0x000002d8 filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.446813 | NtOpenFile | file_handle => 0x000002fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.456813 | NtOpenFile | file_handle => 0x000002fc filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.456813 | NtOpenFile | file_handle => 0x000002fc filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.466813 | NtOpenFile | file_handle => 0x000002fc filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temp\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.486813 | NtOpenFile | file_handle => 0x000002fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.496813 | NtOpenFile | file_handle => 0x000002fc filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.506813 | NtOpenFile | file_handle => 0x000002fc filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.516813 | NtOpenFile | file_handle => 0x000002fc filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:27.526813 | OleInitialize | | FAILURE |
| 2016-11-06 21:47:27.536813 | LdrLoadDll | basename => msi module_address => 0x3fde0000 flags => 0 module_name => msi.dll | SUCCESS |
| 2016-11-06 21:47:27.536813 | LdrLoadDll | basename => user32 module_address => 0x7e410000 flags => 0 module_name => user32.dll | SUCCESS |
| 2016-11-06 21:47:29.038813 | LdrLoadDll | basename => SXS module_address => 0x7e720000 flags => 0 module_name => SXS.DLL | SUCCESS |
| 2016-11-06 21:47:29.068813 | NtCreateFile | create_disposition => 1 file_handle => 0x00000330 filepath => C:\Program Files\Microsoft Office\Office12\MSWORD.OLB desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\MSWORD.OLB create_options => 2144 status_info => 1 share_access => 1 | SUCCESS |
| 2016-11-06 21:47:29.129813 | LdrLoadDll | basename => VBE6 module_address => 0x65000000 flags => 0 module_name => C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL | SUCCESS |
| 2016-11-06 21:47:29.279813 | LdrLoadDll | basename => VBE6INTL module_address => 0x65300000 flags => 0 module_name => C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\1033\VBE6INTL.DLL | SUCCESS |
| 2016-11-06 21:47:29.279813 | OleInitialize | | FAILURE |
| 2016-11-06 21:47:29.279813 | LdrLoadDll | basename => OLEAUT32 module_address => 0x77120000 flags => 0 module_name => OLEAUT32.DLL | SUCCESS |
| 2016-11-06 21:47:29.299813 | NtCreateFile | create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{018369D1-AF51-440A-B129-6B458CED1822}.tmp desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{018369D1-AF51-440A-B129-6B458CED1822}.tmp create_options => 4194400 status_info => 4294967295 share_access => 3 | FAILURE |
| 2016-11-06 21:47:29.309813 | NtCreateFile | create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{018369D1-AF51-440A-B129-6B458CED1822}.tmp desired_access => 0x00120089 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{018369D1-AF51-440A-B129-6B458CED1822}.tmp create_options => 0 status_info => 4294967295 share_access => 7 | FAILURE |
| 2016-11-06 21:47:29.329813 | NtCreateFile | create_disposition => 2 file_handle => 0x00000324 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{018369D1-AF51-440A-B129-6B458CED1822}.tmp desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{018369D1-AF51-440A-B129-6B458CED1822}.tmp create_options => 96 status_info => 2 share_access => 1 | SUCCESS |
| 2016-11-06 21:47:29.369813 | NtCreateFile | create_disposition => 1 file_handle => 0x0000033c filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL create_options => 2144 status_info => 1 share_access => 1 | SUCCESS |
| 2016-11-06 21:47:29.389813 | NtCreateFile | create_disposition => 1 file_handle => 0x00000354 filepath => C:\WINDOWS\system32\stdole2.tlb desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\stdole2.tlb create_options => 2144 status_info => 1 share_access => 1 | SUCCESS |
| 2016-11-06 21:47:29.419813 | LdrLoadDll | basename => scp32 module_address => 0x0fef0000 flags => 0 module_name => scp32.dll | SUCCESS |
| 2016-11-06 21:47:29.449813 | NtOpenFile | file_handle => 0x00000348 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temp\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:29.459813 | NtCreateFile | create_disposition => 1 file_handle => 0x00000348 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL create_options => 2144 status_info => 1 share_access => 1 | SUCCESS |
| 2016-11-06 21:47:29.509813 | NtCreateFile | create_disposition => 1 file_handle => 0x0000034c filepath => C:\WINDOWS\system32\FM20.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\FM20.DLL create_options => 2144 status_info => 1 share_access => 1 | SUCCESS |
| 2016-11-06 21:47:30.020813 | LdrLoadDll | basename => USER32 module_address => 0x7e410000 flags => 0 module_name => USER32.DLL | SUCCESS |
| 2016-11-06 21:47:30.020813 | CoCreateInstance | class_context => 3 clsid => {ac9f2f90-e877-11ce-9f68-00aa00574a4f} iid => {00000000-0000-0000-c000-000000000046} | SUCCESS |
| 2016-11-06 21:47:30.060813 | NtCreateFile | create_disposition => 2 file_handle => 0x00000304 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\~DFC177.tmp desired_access => 0xc0110080 file_attributes => 256 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFC177.tmp create_options => 4192 status_info => 2 share_access => 7 | SUCCESS |
| 2016-11-06 21:47:30.090813 | NtOpenFile | file_handle => 0x00000364 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.100813 | NtOpenFile | file_handle => 0x00000364 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.110813 | NtOpenFile | file_handle => 0x00000364 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.120813 | NtOpenFile | file_handle => 0x00000364 filepath => C:\Documents and Settings\Administrator\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.130813 | NtOpenFile | file_handle => 0x00000364 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.140813 | NtOpenFile | file_handle => 0x00000364 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.160813 | NtCreateFile | create_disposition => 1 file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL\3 desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL\3 create_options => 2144 status_info => 4294967295 share_access => 1 | FAILURE |
| 2016-11-06 21:47:30.180813 | NtCreateFile | create_disposition => 1 file_handle => 0x00000364 filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL create_options => 2144 status_info => 1 share_access => 1 | SUCCESS |
| 2016-11-06 21:47:30.200813 | NtCreateFile | create_disposition => 2 file_handle => 0x00000370 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\VBE desired_access => 0x00100001 file_attributes => 128 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VBE create_options => 16417 status_info => 2 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.280813 | NtOpenFile | file_handle => 0x0000037c filepath => C:\WINDOWS\system32\ desired_access => 0x00100001 filepath_r => \??\C:\WINDOWS\system32\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.300813 | NtCreateFile | create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\VBE\MSForms.exd desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VBE\MSForms.exd create_options => 2144 status_info => 4294967295 share_access => 1 | FAILURE |
| 2016-11-06 21:47:30.300813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.320813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.340813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.350813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.360813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.370813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\VBE\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VBE\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.380813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.390813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.400813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.410813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.420813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.430813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.440813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.450813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.460813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.470813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.480813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.490813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.500813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.511813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.521813 | NtOpenFile | file_handle => 0x00000370 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS |
| 2016-11-06 21:47:30.601813 | NtCreateFile | create_disposition => 5 file_handle => 0x00000370 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\VBE\MSForms.exd desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VBE\MSForms.exd create_options => 96 status_info => 2 share_access => 0 | SUCCESS |
| 2016-11-06 21:47:30.611813 | NtWriteFile | buffer => MSFT file_handle => 0x00000370 offset => 0 | SUCCESS |
| 2016-11-06 21:47:30.621813 | NtWriteFile | buffer => file_handle => 0x00000370 offset => 0 | SUCCESS |
| 2016-11-06 21:47:30.631813 | NtWriteFile | buffer => |